Posts Tagged ‘privacy’

According to the Stop Online Piracy Act (SOPA), a network provider can be ordered to prevent access by its US subscribers to allegedly piratical Web sites. That language did not appear in an earlier version, the Protect IP Act.

Protect IP, on the other hand, doesn’t oblige ISPs to block their customers from visiting the numeric IP addresses of off-limits web sites or to perform deep packet inspection.

The head of the Recording Industry Association of America (RIAA) supports the legislation, suggesting that SOPA be used to force Internet providers to block by IP address and deny access to only the illegal part of a site.

SOPA is designed to respond to the rise of pirate-content sites. It allows the attorney general to seek a court order against the targeted site; the order would be served on ISPs, causing the target to disappear.

An aide to the House Judiciary committee stated that IP address blocking and deep packet inspection could be necessary and it would be up to a judge to mark a site as blocked.

Deep packet inspection is the only way to block data from specific pages, and may cause privacy issues as it monitors customers’ browsing.

ISPs aren’t very enthusiastic about SOPA. Verizon has concerns about the legislation and is working with congressional staff to address them.

AT&T remains supportive of the general framework of the Senate bill (similar to SOPA), but when it comes to SOPA “it is working constructively with Chairman Smith and others toward a similar end in the House.”

Sonic.net says that it’s technically feasible for them to block a list of IP addresses provided by the government, even though it becomes more difficult as the list grows.

On the other hand, Jasper says that deep packet inspection wouldn’t be feasible:
“We have no capability to do this, so it would not be technically feasible, as it would require complete re-engineering and re-deployment of our network”.

According to SOPA, an ISP must take technically feasible and reasonable measures designed to prevent access by its subscribers located within the US to the blocked site that is subject to the order.

The RIAA says that SOPA is much more flexible than the Senate bill, as it isn’t as specific. “Instead of setting a particular type of technological response in statute, the bill is flexible to allow an ISP to choose the best method, which today may be DNS blocking. If the ISP feels that any one method may have detrimental effect on the DNS system or on its network, or if technology changes, it is not locked in.”

VPN (virtual private network) services have become very common because more and more users want privacy. Many websites, like the Pirate Bay’s Ipredator, offer anonymous VPN services that are meant to ensure privacy for BitTorrent downloads. But does this work?

It turns out that there’s a big security flaw in these services that allows individual users to be identified! The flaw is caused by a combination of IPv6 and PPTP-based VPN services, which are widely used; moreover, IPv6 is enabled by default on most computers (Windows Vista, Windows 7).

With this flaw, the IP address, and sometimes the MAC address and the computer name, of a user behind a VPN can be found, because the user's connection broadcasts information that can be used to identify them. Also, if the clients are not separated, they might expose each other and reveal sensitive information (a separate subnet for each client may help).
It may be possible to see a user’s public IP only if the following preconditions exist:

1) The computer has an IPv6 stack installed with support for tunneling IPv6 traffic over an IPv4 link (such as ISATAP). This is the default in Windows Vista and 7.
2) The computer has a public IP address assigned (if you are behind a router with NAT, 192.168.1.1 will be compromised).
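
To see why both preconditions matter, the following added example (not code from the original post) decodes the IPv4 address that IPv6-over-IPv4 tunnel addresses carry inside them. It goes beyond ISATAP to cover 6to4 and Teredo as well; the sample addresses are constructed from documentation ranges, and the function names are illustrative.

```python
import ipaddress

# RFC 1918 ranges: an embedded address in these only reveals the LAN side of a NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def embedded_ipv4(addr):
    """Return (mechanism, IPv4Address) if addr embeds an IPv4 address, else None."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])   # drop a zone id such as %14
    if ip.sixtofour is not None:                      # 6to4: 2002:V4ADDR::/48
        return "6to4", ip.sixtofour
    if ip.teredo is not None:                         # Teredo: 2001:0::/32
        return "Teredo", ip.teredo[1]                 # (server, client) -> client
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF                # interface identifier (low 64 bits)
    # ISATAP (RFC 5214): identifier is 0000:5efe or 0200:5efe followed by the IPv4 address
    if (iid >> 32) in (0x00005EFE, 0x02005EFE):
        return "ISATAP", ipaddress.IPv4Address(iid & 0xFFFFFFFF)
    return None

def audit(addresses):
    """List every address that gives away an IPv4 address to anyone who sees it."""
    findings = []
    for addr in addresses:
        hit = embedded_ipv4(addr)
        if hit:
            mechanism, v4 = hit
            behind_nat = any(v4 in net for net in RFC1918)
            findings.append({"address": addr, "mechanism": mechanism,
                             "ipv4": str(v4), "reveals_public_ip": not behind_nat})
    return findings

# Constructed sample (documentation ranges), shaped like the addresses a Windows host lists.
SAMPLE = [
    "fe80::200:5efe:203.0.113.7%14",            # ISATAP over a directly assigned address
    "fe80::5efe:192.168.1.10%15",               # ISATAP on a host behind NAT
    "2002:c633:6409::1",                        # 6to4, embeds 198.51.100.9
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",     # Teredo, client 192.0.2.45
    "fe80::1c2d:3e4f:5a6b:7c8d%11",             # ordinary link-local, nothing embedded
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

Feeding it the IPv6 addresses listed for a machine's interfaces shows which ones would hand a VPN peer the real IPv4 address, and which only expose a NAT-internal one.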

Some ways to avoid this flaw are to disable IPv6 and roll back to IPv4, or to use an alternative to PPTP such as OpenVPN, which is free, open source and more stable.
Also, by using a VPN, a third-party company gets access to all your private information, which could be a far larger security hole than anything else, so be careful who you trust with your data.

US orders Twitter to hand over information about accounts registered or associated with Wikileaks, rop_g, ioerror, birgittaj, Julian Assange, Bradley Manning, Rop Gongrijp, and Birgitta Jonsdottir for the time period November 1, 2009 to present (December 2010).

All previously mentioned Twitter accounts are supposed to be connected with Wikileaks. That means that anyone connected with them is supposed to be related to and/or a supporter of Wikileaks.

If you are a follower (not sure if it also includes mentions and retweets) of any of those accounts, Twitter has already handed all your personal information to the US government.
You can find the subpoena here

The malware sends personal data from a user’s phone to a remote server and is also capable of receiving commands from hacker-controlled remote servers in order to control the phone. Mobile security firm Lookout describes the malware as the most sophisticated to appear on Android devices. It has been uploaded onto third-party Chinese Android app markets, where it poses as gaming applications (Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense, Baseball Superstars 2010).

When Geinimi is launched, it collects significant information such as location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI), and attempts to connect to a remote server to transmit the collected device information.

The security firm has already updated both free and paid versions of its software to protect against Geinimi.

The largest Facebook games developer has been hit by a fundamental lawsuit for leaking the personal information of 218 million Facebook members to third parties.

Only days have passed since The Wall Street Journal reported, following an investigation, that a large number of Facebook apps – including Zynga games such as Farmville and Mafia Wars – leaked the user IDs of Facebook players and their friends to outside companies.

User IDs are unique identifiers, which can be used to access a user’s Facebook profile by simply going to http://www.facebook.com/#!/profile.php?id=[UID].

The actual harm that might be done if a user’s Facebook ID is exposed is debatable, so Zynga representatives called the lawsuit without merit and stressed that they are preparing a strong defense, according to The Register.

The Facebook social network prohibits the sharing of user IDs with data brokers in its privacy policies and, in order to assuage the critics following these privacy breaches, is planning to encrypt the user IDs.

Across the web, it’s common for advertisers like Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media to receive the address of the page from which a user clicked on an advertisement. They receive nothing more than an incomprehensible string of letters and numbers that can’t be used to retrieve users’ information.

However, with social networking sites, those addresses include data which advertisers can use to look up individual profiles and discover users’ personal information and interests, contrary to the sites' privacy policies and their promises that they don’t share such information without consent.
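
The page address reaches the advertiser in the HTTP Referer header. The sketch below is an added example, not code from the original post or from any of the sites named: it models what a third-party ad server receives for a profile URL under several Referrer-Policy values, and checks the result for identifier parameters. The UID, the ad host and the parameter names other than `id` are constructed placeholders.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs

def _origin(u):
    return (u.scheme, u.hostname, u.port)

def referer_sent(page_url, request_url, policy):
    """Referer value a browser sends for request_url made from page_url, or None."""
    page, req = urlsplit(page_url), urlsplit(request_url)
    host = page.hostname + (f":{page.port}" if page.port else "")
    # The fragment (everything after '#') and any credentials are never sent.
    full = urlunsplit((page.scheme, host, page.path or "/", page.query, ""))
    origin_only = f"{page.scheme}://{host}/"
    downgrade = page.scheme == "https" and req.scheme != "https"
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "origin":
        return origin_only
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin-when-cross-origin":
        if _origin(page) == _origin(req):
            return full
        return None if downgrade else origin_only
    raise ValueError(f"policy not modelled: {policy}")

def leaked_ids(referer, keys=("id", "uid", "user_id")):
    """Identifier-like query parameters a third party could read from a Referer."""
    if not referer:
        return {}
    query = parse_qs(urlsplit(referer).query)
    return {k: query[k][0] for k in keys if k in query}

# Constructed sample values: the UID and the ad host are placeholders.
PROFILE = "http://www.facebook.com/profile.php?id=100000123456789&ref=profile"
HASHBANG = "http://www.facebook.com/#!/profile.php?id=100000123456789"
AD = "http://ads.example/click?campaign=1"

if __name__ == "__main__":
    for page in (PROFILE, HASHBANG):
        for policy in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin"):
            ref = referer_sent(page, AD, policy)
            print(policy, "->", ref, leaked_ids(ref))
```

A URL that carries the ID in the query string leaks it whenever the full address is sent, while an ID placed after `#` never leaves the browser in the Referer header; an origin-only policy removes the ID in both cases.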

After The Wall Street Journal’s questions, Facebook and MySpace moved to make changes to stop the handover.

“If you are looking at your profile page and you click on an advertisement, you are telling that advertiser who you are”, an assistant professor at Harvard Business School said.

See the graphic about Internet sites that share information that could be tied to individual profiles.